一、概述
什么是容器
容器技术已经成为应用程序封装和交付的核心技术
容器技术的核心有以下几个内核技术组成:
--Cgroups(Control Groups) 资源管理
--NameSpace 进程隔离
--SElinux 安全
由于在物理机上实施隔离,启动一个容器,可以像启动一个进程一样快速
什么是Docker
Docker是完整的一套容器管理系统
Docker提供了一组命令,让用户更加方便直接地使用容器技术,而不需要过多关心底层内核技术
Docker优点
相比于传统的虚拟化技术,容器更加简洁高效
传统虚拟机需要给每个VM安装操作系统
容器使用的共享公共库和程序
Docker缺点
容器的隔离性没有虚拟化强
共用Linux内核,安全性有先天缺陷
SElinux难以驾驭
监控容器和容器排错是挑战
二、Docker的安装
安装前准备
操作系统 Linux CentOS 7.5
关闭防火墙(不是必须,避免引发一些防火墙导致的问题)
系统版本
[root@docker01 ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
Docker的安装可以通过配置yum源或下载安装包安装以下通过yum源方式安装
1.配置yum源 安装docker
打开官网找到适配系统的yum源 按提示安装即可,yum源站点在国外如果因为网络原因安装失败,换成下载安装包安装
官网:https://docs.docker.com/engin...
$ sudo yum install -y yum-utils
$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
$ sudo yum install docker-ce docker-ce-cli containerd.io
[root@docker01 ~]# systemctl restart docker //开启docker服务
[root@docker01 ~]# systemctl status docker //查看docker服务状态
[root@docker01 ~]# systemctl enable docker //开启docker服务开机启动
[root@docker01 ~]# ifconfig //有docker0说明环境部署完成
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:d5:18:74:94 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
三、Docker的的常用命令
Docker镜像常用命令**
docker images 查看镜像列表
docker history 查看镜像制作历史
docker inspect 查看镜像底层信息
docker pull 下载镜像
docker push 上传镜像
docker rmi 删除本地镜像
docker save 镜像另存为tar包
docker load 使用tar包导入镜像
docker search 搜索镜像
docker tag 修改镜像名称和标签
Docker容器常用命令有哪些
docker run 运行容器
docker ps 查看容器列表
docker stop 关闭容器
docker start 启动容器
docker restart 重启容器
docker attach|exec 进入容器
docker inspect 查看容器底层信息
docker top 查看容器进程列表
docker rm 删除容器
3.1 镜像常用指令练习
默认的镜像仓库为官方镜像仓库,上传下载都会受到网络速度的限制,为了方便管理镜像,后期我们需要在本地搭建镜像仓库
1)搜索镜像
[root@docker01 ~]# docker search nginx //搜索镜像 带OK 的是官方镜像 更安全
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
nginx Official build of Nginx. 13768 [OK]
jwilder/nginx-proxy Automated Nginx reverse proxy for docker con… 1879 [OK]
richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable of… 787 [OK]
linuxserver/nginx An Nginx container, brought to you by LinuxS… 128
......
[root@docker01 ~]# docker search centos
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
centos The official build of CentOS. 6202 [OK]
ansible/centos7-ansible Ansible on Centos7 132 [OK]
consol/centos-xfce-vnc Centos container with "headless" VNC session… 121 [OK]
......
2)下载镜像
[root@docker01 ~]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
d121f8d1c412: Pull complete
ebd81fc8c071: Pull complete
655316c160af: Pull complete
d15953c0e0f8: Pull complete
2ee525c5c3cc: Pull complete
Digest: sha256:c628b67d21744fce822d22fdcc0389f6bd763daac23a6b77147d0712ea7102d0
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
3)上传镜像 远程镜像仓库因为没有配置认证 上传被拒绝
[root@docker01 ~]# docker push docker.io/nginx
The push refers to repository [docker.io/library/nginx]
908cf8238301: Layer already exists
eabfa4cd2d12: Layer already exists
......
errors:
denied: requested access to the resource is denied
unauthorized: authentication required
4)查看镜像列表
[root@docker01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 7e4d58f0e5f3 2 weeks ago 133MB
busybox latest 6858809bf669 2 weeks ago 1.23MB
centos latest 0d120b6ccaa8 6 weeks ago 215MB
5)导出镜像
[root@docker01 ~]# docker save docker.io/nginx:latest -o nginx.tar
[root@docker01 ~]# ls
busybox.tar Desktop nginx.tar
6)删除镜像
[root@docker01 ~]# docker rmi docker.io/nginx
Untagged: nginx:latest
Untagged: nginx@sha256:c628b67d21744fce822d22fdcc0389f6bd763daac23a6b77147d0712ea7102d0
Deleted: sha256:7e4d58f0e5f3b60077e9a5d96b4be1b974b5a484f54f9393000a99f3b6816e3d
Deleted: sha256:eedfd37abc0b05520a719addf6675b372687fe9a2ed1746fa988335720d4376c
Deleted: sha256:4f052ddd517f6dc5b74d2f7d881838b8ec6a5e67ec7a1da8bbbe91e1e068ad3a
Deleted: sha256:5f78154d356577280e4ac0d9bf0d021d488828e57f953b011dcbadaecd539ce4
Deleted: sha256:db5783668220e16186080f3e9d69ad748aab8c72abb8e457f6fc45369461634b
Deleted: sha256:07cab433985205f29909739f511777a810f4a9aff486355b71308bb654cdc868
7)导入镜像
[root@docker01 ~]# docker load -i nginx.tar
07cab4339852: Loading layer 72.49MB/72.49MB
f431d0917d41: Loading layer 64.31MB/64.31MB
60c688e8765e: Loading layer 3.072kB/3.072kB
eabfa4cd2d12: Loading layer 4.096kB/4.096kB
908cf8238301: Loading layer 3.584kB/3.584kB
Loaded image: nginx:latest
批量导入镜像
[root@docker01 ~]# for i in *.tar; do docker load -i $i; done;
be8b8b42328a: Loading layer 1.45MB/1.45MB
Loaded image: busybox:latest
Loaded image: nginx:latest
[root@docker01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 7e4d58f0e5f3 12 days ago 133MB
busybox latest 6858809bf669 2 weeks ago 1.23MBM
8)查看centos镜像历史(制作过程)
[root@docker01 ~]# docker history docker.io/centos
IMAGE CREATED CREATED BY SIZE COMMENT
0d120b6ccaa8 6 weeks ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
<missing> 6 weeks ago /bin/sh -c #(nop) LABEL org.label-schema.sc… 0B
<missing> 6 weeks ago /bin/sh -c #(nop) ADD file:538afc0c5c964ce0d… 215MB
9)启动nginx的镜像
[root@docker01 ~]# docker run -d docker.io/nginx
10)删除镜像,启动容器时删除镜像会失败,先删除容器,再删除镜像
格式:docker rmi 镜像名
[root@docker01 ~]# docker rmi nginx //删除镜像 报错:
Error response from daemon: conflict: unable to remove repository reference "nginx" (must force) - container 47e0f88ff31ee is using its referenced image 7e4d58f0e5f3
[root@docker01 ~]# docker stop 47e //停止容器
47e
[root@docker01 ~]# docker rm 47e //再删除容器
47e
[root@docker01 ~]# docker rmi docker.io/nginx //在删除容器成功
[root@docker01 ~]# docker run -d docker.io/nginx //镜像删除后 运行容器docker重新下载镜像
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
d121f8d1c412: Pulling fs layer
ebd81fc8c071: Pulling fs layer
655316c160af: Download complete
d15953c0e0f8: Waiting
2ee525c5c3cc: Waiting
11)修改镜像的名称和标签,默认标签为 v2
[root@docker01 ~]# docker tag docker.io/centos:latest docker.io/centos:v2
[root@docker01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest 6858809bf669 2 weeks ago 1.23MB
centos latest 0d120b6ccaa8 6 weeks ago 215MB
centos v2 0d120b6ccaa8 6 weeks ago 215MB
12)查看镜像的底层信息
[root@docker01 ~]# docker inspect docker.io/centos
[
{
"Id": "sha256:0d120b6ccaa8c5e149176798b3501d4dd1885f961922497cd0abef155c869566",
"RepoTags": [
"centos:latest",
"centos:v2"
],
......
3.2 容器常用指令练习
1)查看容器列表
[root@docker01 ~]# docker ps //查看后面运行容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
47edcb784521 nginx "/docker-entrypoint.…" 55 seconds ago Up 54 seconds 80/tcp funny_faraday
[root@docker01 ~]# docker ps -q //查看后面运行容器只显示ID
47edcb784521
d1129361c6b1
[root@docker01 ~]# docker ps -a //查看所有容器包括没有启动的
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
47edcb784521 nginx "/docker-entrypoint.…" About a minute ago Up About a minute 80/tcp funny_faraday
d1129361c6b1 centos "/bin/bash" 57 minutes ago Up 4 minutes blissful_poitras
45065a8f9abe centos "/bin/bash" 23 hours ago Exited (130) 23 hours ago relaxed_heisenberg
[root@docker01 ~]# docker ps -qa //只显示所有容器ID
47edcb784521
d1129361c6b1
45065a8f9abe
2)启动centos镜像生成一个容器
docker run -it 是交互 -itd是放入后台运行 像类似nginx的服务启动后没有输入 后面加 /bin/bash 交互的命令可不用加默认 latest /bin/bash会自动补齐
[root@docker01 ~]# docker run -it docker.io/centos /bin/bash
[root@d1129361c6b1 /]# yum repolist //看查默认的yum源 注意命令行前面变成了[root@d1129361c6b1 /] 说明已经在容器里了
Failed to set locale, defaulting to C.UTF-8
repo id repo name
AppStream CentOS-8 - AppStream
BaseOS CentOS-8 - Base
extras CentOS-8 - Extras
[root@d1129361c6b1 /]# yum -y install net-tools //安装软件
[root@d1129361c6b1 /]# exit //退出
exit
3)连接容器 并保持后台运行 attach|exec
[root@docker01 ~]# docker ps //查看后台运行的容器 发现容器也跟着退出了
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
方式1 attach 按ctrl+p+q退出
[root@docker01 ~]# docker start d1 //开启容器
d1
[root@docker01 ~]# docker attach d1 // attach进入进程,退出会关闭 按ctrl+p+q退出 可以保留程序
[root@d1129361c6b1 /]# read escape sequence
[root@docker01 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d1129361c6b1 centos "/bin/bash" About an hour ago Up 48 seconds blissful_poitras
方式2 exec
其中,-t 选项让Docker分配一个伪终端(pseudo-tty)并绑定到容器的标准输入上
-i 则让容器的标准输入保持打开
在交互模式下,用户可以通过所创建的终端来输入命令
[root@docker01 ~]# docker exec -it d1 /bin/bash
[root@d1129361c6b1 /]# exit
exit
[root@docker01 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d1129361c6b1 centos "/bin/bash" About an hour ago Up 10 seconds blissful_poitras
4)查看容器进程列表
[root@docker01 ~]# docker top d1
UID PID PPID C STIME TTY TIME CMD
root 21336 21318 0 16:36 pts/0 00:00:00 /bin/bash
5)修改nginx的显示内容
[root@docker01 ~]# docker exec -it 47 /bin/bash
[root@47edcb784521:/# nginx -T /usr/share/nginx/html/
nginx: invalid option: "/usr/share/nginx/html/" //查找并显示结果
[root@47edcb784521:/# echo aaa >/usr/share/nginx/html/index.html //修改主页显示的内容
[root@47edcb784521:/# cat /usr/share/nginx/html/index.html
aaa
5)过滤查看mac和ip地址
[root@docker01 ~]# docker inspect -f '{{.NetworkSettings.MacAddress}}' 47
02:42:ac:11:00:03
[root@docker01 ~]# docker inspect -f '{{.NetworkSettings.IPAddress}}' 47
172.17.0.3
[root@docker01 ~]# curl 172.17.0.3
aaa
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用
。你还可以使用@
来通知其他用户。